RE: [ActiveDir] Best Practice: DNS settings

"best practice" is always relative. Having said that, I don't see a reason to create secondary zones in this scenario. With proper delegation, and forwarding, secondary becomes irrelevant - again in the given scenario. I concur with Roger, and would only add that IF your root servers are able to

RE: [ActiveDir] Tracking the machine from which user logs in

I don't think CConnect was ever fully (and successfully) implemented. I believe it was a theory that died midway. The reason I say this is because I have yet to meet anyone who uses it in production, and I personally spent a lot of time trying to make it work some 4 years ago.   For what Mukul i

RE: [ActiveDir] AD and Exchange not sharing.

>>Yes, I have checked the logs and there are only errors for disabled accounts that have not been deleted. I know that this is NOT the cause of your current problem, but I strongly advise you to NOT ignore these errors. The more of them you get, the more performance impact your Exchange server se

RE: [ActiveDir] ms04-011

I strongly suggest you keep trying to reach PSS. Asking people to send you patches is a dangerously unsafe practice that you should stop indulging in. I am not sure why you are having difficulties obtaining Hotfixes. MS has made this process painfully easy for the past year. You call (800) 936-4900

RE: [ActiveDir] Anyone attending TechEd?

Oh, no! I didn't know Rick would be attending :) Oh, well.now that it's too late to cancel, I guess I have to just learn to stay away from your CABANA :O)     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know ITwww.akomolafe.comDo you

RE: [ActiveDir] ms04-011

s for win2k3, because on a win2k machine i get "invalid argument" thanks for your help -Original Message- From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 10:49 AM To: [EMAIL PROTECTED] Subject: RE: [Acti

RE: [ActiveDir] ms04-011

For the first part of this question, look at the TCP/IP properties of the new client you are trying to join to the Domain. Make sure that "Enable LMHosts lookup" is unchecked, then make sure you are pointing at the correct INTERNAL DNS server ONLY (no ISP DNS in there), reboot the machine and re

RE: [ActiveDir] dns issues

More likely DNS than WINS. Trying bouncing the new Server, then restart netlogon on it (in case the MS04-011 is hurting you), then check DNS for the relevant SRV records. I know you said you looked in DHCP, but I have to ask if you made sure that the dead DC is no listed as a DNS server in your

RE: [ActiveDir]

This is not pretty, but with some good lucks (and an existing good backup), you can have success using the methods described here: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/act ivedirectory/support/adrecov.mspx#XSLTsection126121120120 Sincerely, Dèjì Akómöláfé,

RE: [ActiveDir] Outlook 2003 via GPO?

http://www.microsoft.com/office/ork/2003/two/ch5/DepC04.htm Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon __

RE: [ActiveDir] Offline Files When Disjoining

The computer account name. I think you should the disjoin/rejoin thing. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon __

RE: [ActiveDir] Offline Files When Disjoining

Disjoining AND rejoining to the same domain should not have a negative impact on the Profiles. But, you might want to try Netdom Reset from the client first. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you n

RE: [ActiveDir] Need to confirm a behavior in AD Sites as it pertains to authenti cation.

Try reading "Authentication Topology" by Gil Kirkpatrick. I am not sure if it's a member-only doc, but it's available at  http://www.winnetmag.com/Articles/Print.cfm?ArticleID=37935     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT

[ActiveDir] Here's what the MVPs mean by NDA

I've decided to break ranks and reveal to the world EXACTLY what the MVPs are up to when they pay their annual pilgrimage to Redmond.   Everyone of them comes and start mouthing "It's NDA", "I really can't tell you", "Yeah, I heard that's coming soon but I can't say anymore..", etc, etc. Eve

[ActiveDir] (OT?) Sasser Cleaner

In case anyone has any need for this, I made a batch file for cleaning the Sasser Worm, using the MS-supplied Sasser Cleaner for Win2K and WinXP machines. The Batch file also patches the Sasser-infect system with MS04-11. Required 3-rd party - PSKILL and PSLIST ( http://www.sysinternals.com/ntw2k

RE: [ActiveDir] Simple LDAP Query

Maybe this will help   http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=33   Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know ITwww.akomolafe.comDo you now realize that Today is the Tomorrow you were worried about Yes

RE: [ActiveDir] Replication issues

The password will get replicated "out of band" [1] back to the PDC on apassword change. Seehttp://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx, specifically check the piece on "immediatereplication".   I missed this. Let's hope I don't get smacked t

RE: [ActiveDir] Replication issues

You know me, Joe. If you say it's like this, I believe you. I have no doubt about what you see, but I'm telling you, I lived through this for the most part of early last year. It did not work as billed. I worked long hours with PSS before they came out with Alock and the rest. Now, things are mu

RE: [ActiveDir] Replication issues

>>It will get that password back immediately unless the PDC is really busy or otherwise unavailable The way I'm reading this is that you are saying password change will trigger immediate replication to the PDCE. Iin my experience (which I don't have to describe to you :)), this is not the case. Als

RE: [ActiveDir] blocking user access to terminal services via group policy

I think it would be better if you just clear the "Allow Logon to Terminal Service" attributes for all your users. Then you will come back and enable this attribute for any specific user you want to grant the right to. It's cleaner than trying to do this server-by-server. The problem with this, h

RE: [ActiveDir] DNS Configuration question

My own (personal) rule has been: If the DNS server can reach outside, then no forwarding If the DNS server is behind something that makes it impossible (undesirable) for it to communicate with the outside world, use a Forwarder. Of course, that's MY rule. By the way, there are configurations that

RE: [ActiveDir] Clustering

Majority Node Set Clusters is a new feature in Windows 2003 Clustering. This is billed as a way around the dedicated shared disks requirement. If you have no NEED for a dedicated shared storage, then, yes don't HAVE to have one. This is all a book knowledge I'm regurgitating here. I haven't perso

RE: [ActiveDir] (OT?) Slow resume from computer Lock

It would more likely be DNS if this were happening on boot-up. But he says this happens on resumption from a locked state. More likely to be AV or powersaving issue.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize

RE: [ActiveDir] DNS registration errors

I know some people may disagree, but here's my 50 cents worth of opinion. You've got your configuration all back-assward. You should not be using your ISP's DNS server. You shouldn't use their DHCP server either, but that's negotiable, if you are in the negotiating mode :) Regarddless of anythi

RE: [ActiveDir] AD screw up

OK, now I'm confused. I've always known about the problems with renaming a Domain that has Exchange in it, because I've personally verified it in tests. I've always preached this to people who got hooked on the "Domain Rename" claim. I've always told them to pretend that they never heard or read th

RE: [ActiveDir] logon scripts

Roger SeielstadSent: Tue 4/13/2004 6:24 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts Except Deji forgets one important piece of information (which is rare for him) - VBScript doesn't natively run on Win9x. It requires a separate install of Windows Scri

RE: [ActiveDir] logon scripts

9:19 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts Smart guy.   :op   -rtk From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji AgbaSent: Monday, April 12, 2004 11:13 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] logon scripts I don't have a Win9X to te

RE: [ActiveDir] logon scripts

I don't have a Win9X to test this on, but Win2K/2K3/XP is fair game for this:   Set wshNetwork = WScript.CreateObject("WScript.Network")Set wshShell = WScript.CreateObject("WScript.Shell") str_Group1_Share   = "file://myserver/myShare1"str_Exec_Share   = "file://myserver/myShare2"str_BS_Share  

RE: [ActiveDir] Verifying DNS records of many DC's

Check them/verify them for what? Check if they exist or if they are good?     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: David AdnerSent

RE: [ActiveDir] Photos in Active Directory

Your .dit will not like it if you do it this. You will not like it either. Why not build a "Phone book" and have it query AD for the users and link the result to a picture of the queried user. This is how I do it right now. If you know .Net and would like to see a sample, hook up with me offline.

RE: [ActiveDir] OT: Logon-Script Help

For Each the Computer In aryP1 If UCASE(theComputer) = UCASE(strComputer) Then     Printer1 End If Next   I wonder why you have to put this in an array and do it this way. But then, you understand your requirement and setup better. Also, are the spaces "\\Local_Print_Server \P1 " and ot

RE: [ActiveDir] Server up/downtime

>>So say an Exchange Server that is responding to pings but isn't handling mail at all or not very well is considered UP for availability numbers.   This you handle by using the Built-in Exchange monitoring tool. You can roll your own sink to monitor queue and send you an alert IF it reaches a c

RE: [ActiveDir] Accidentally deleted OU with lots of users

y www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of GRILLENMEIER,GUIDO (HP-Germany,ex1) Sent: Wed 3/24/2004 9:11 AM To: [EMAIL PROTECTED] Subject: RE: [Acti

RE: [ActiveDir] Accidentally deleted OU with lots of users

I confess my lack of understanding of this procedure. I've used the procedure I posted many times in restoring deleted objects (including OUs). Since you posted this yesterday, I've been scratching my head and hacking OUs on my test domains and restoring them following the procedures I posted and t

RE: [ActiveDir] Accidentally deleted OU with lots of users

This is not really terrible. Especially since you have a good backup. http://support.microsoft.com/default.aspx?scid=kb;EN-US;q241594 pay close attention to the "Restore a Subtree" part. If you don't understand any part of it, ask here again. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Mi

RE: [ActiveDir] DNS not intergrating into AD

Hate to make you do this, but it would help if you could explain some more about your config. If you look in the ISA log at the time you are issuing the nslookup against your DNS server, what do you see? I see you made references to . Does this mean that this server is multi-home? If you could,

RE: [ActiveDir] DNS not intergrating into AD

Carlos,   you did not mention your flavor of Windows. But I think what you described is a Win2K3 DNS behavior (EDNS-0) -especially since you mentioned ISA. Try http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_pro_ModifyEDNS.asp   HTH     Sincere

RE: [ActiveDir] OU design quandary

From where I'm sitting, Option 1 is out of the equation simply because I don't think you base OU design considerations on whether you search or query. OU is for "Administrative" convenience and I think it is best for your design to reflect your Organization structure, geography, and Administrati

[ActiveDir]

  http://www.joeware.net/win32/zips/OldCmp.zip   Hello, Juan. Where have been?   Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: Juan IbarraS

RE: [ActiveDir] [Slightly OT] Delete inhibit DOMAIN\Remote Management group from local admins...

Man! You guys are good :) Thanks for digging this up.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: Free, BobSent: Sun 2/29/2004 1:26 P

RE: [ActiveDir] [Slightly OT] Delete inhibit DOMAIN\Remote Management group from local admins...

I, for one, would be VERY interested in that documentation. I hope it's true and that MS has reworked the whole "Restricted Group" thingy. I personally got so badly burned by the lack of thoughts/testing that went into the original design, I have so far been scared of even thinking about anythin

RE: [ActiveDir] Disaster Recovery Test

So, where's the DNS server for domain.net?     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: Jennifer FountainSent: Wed 2/25/2004 8:35 AMTo

RE: [ActiveDir] Off-topic: ISA Server and WMI

need to serously apologize for the oversight.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: deji AgbaSent: Wed 2/25/2004 7:38 AMTo

RE: [ActiveDir] Off-topic: ISA Server and WMI

Title: Message I'd ask Jim Harrison at MS ([EMAIL PROTECTED]). He has his own corner on isaserver.org, and if 2 people can help you, I think Jim would be one of the 2.   Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize

RE: [ActiveDir] Removing AD from Exchange Server +

>>Will there be any problems in demoting all but dc01? I am inferring from this that you are on a Win2K domain :). I would say leaving ONLY dc01 is not a "good thing" for Single Point of Failure reasons. However, you can "do it", although I recommend that you leave 2 DCs. To answer your question

RE: [ActiveDir] DNS Registration issue

You want to be looking for "ListenAddress" and "PublishAddress" in these 2 articles. You can only resolve this issue by doing the Reg Hack for those 2 entries. You want to be sure that both NICs are using the Internal address for DNS and that only the external NIC has a Default Gatewy specified.

RE: [ActiveDir] Exchange Migration with Domain

First take a look at this: http://support.microsoft.com/default.aspx?scid=%2fservicedesks%2fwebcasts%2fwc031803%2fwcblurb031803.asp   Like they say, there are many ways to skin a cat (apologies to all animal lovers :)). Starting with one DC. Add a BDC, make sure this machine is a good one beca

RE: [ActiveDir] KRB_AP_ERR_MODIFIED error

Reading backwards, I see: >>1) What are the ramifications of having duplicates in DNS for workstations? and juxtaposing that with: >>then it has a cifs something..like cifs/FASTMOFO.OUR.COMPANY.COM (btw, this is helpful http://www.microsoft.com/mind/1196/cifs.asp) I am led to conclude t

RE: [ActiveDir] Dcdiag.exe giving problems.

I don't know if anyone has mentioned this or not, but it appears to me that you are a victim of the SP4-Single-labelled-domain-name "bug", which is not really a bug. Read more on it here: http://support.microsoft.com/default.aspx?kbid=300684   Then follow discussions about it here: http://www.mc

RE: [ActiveDir] AD lists Last Name in the First Name Field

ntham Systems Engineer, ITS Dept [EMAIL PROTECTED] * 312-742- 2731 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji Agba Sent: Friday, February 20, 2004 12:09 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD lists Last Name in the First Name

RE: [ActiveDir] OU/Computer accounts reorganization

I just posted this from my archives http://www.akomolafe.com/DesktopModules/ViewDocument.aspx?DocumentID=30 . Not pretty, but works.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you w

RE: [ActiveDir] AD lists Last Name in the First Name Field

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q300427 http://support.microsoft.com/default.aspx?scid=kb;en-us;Q277717     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Active Directorywww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were w

RE: [ActiveDir] FRS/SYSVOL replication errors

Todd, I can not swear to this, but I read somewhere that this exact "issue" is one of the things that are supposed to make you think twice before you pull the "domain rename" trigger. One of the other is the presence of Exchange. Since I've not been able to locate where I read/heard this, I may be

RE: [ActiveDir] OY: Adding a 2nd Exchange server...

>>will we end up having to re-point all of our e-mail clients, or is that all automatic? It depends. It "should" be transparent, but my personal experience is that Office XP and above clients tend to auto-discover the changes very seamlessly. Older clients have more often than not required manua

RE: [ActiveDir] AD Computer Accounts

I have seen this many times and the "causes" are varied. However, the "reason" seems to always be the same - the computer has not reset its secure-channel passwords for a long time (7 days in NT4, 30 days in W2K) and are, therefore, considering "persona non gratas" because the password expired on t

RE: [ActiveDir] Time Sync in AD

omain hierarchy sync (domhier)... I got the same impression as Deji that net time is the simple command, W32tm is for when you really mean it. Rich -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, February 16, 200

RE: [ActiveDir] Time Sync in AD

from my "Help and Support Center" on a Win2K3 server, I get the following when I searched for "Net Time": Net time Synchronizes the computer's clock with that of another computer or domain. Used without parameters, net time displays the time for another computer or domain .. Remarks *

RE: [ActiveDir] AD Protected groups

-anon From: Rich MilburnSent: Mon 2/16/2004 11:46 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] AD Protected groups Deji wrote: >. It's just my way of pointing out that this is not a localized incident. They are all reading from the same economic page, shedding needed manpower and cuttin

RE: [ActiveDir] Restrict Administrative Privileges

I'm sure most people here can relate to what you are describing. And very few of us can win the battle as well as Joe :). While I am not trying to dictate any "best practice" to you ("best practice" is a relative term AFAIC), I still think that giving this best such a wide latitude as "Domain Admin

RE: [ActiveDir] Restrict Administrative Privileges

You can try setting "deny" for "Reset Password" permission. But that would not stop a knowledgeable (or determined) Domain Admin. Which then raises the question of trust. Why make this person a Domain Admin if you do not trust him/her with access to EVERYTHING? In my opinion, trying to deny him a

RE: [ActiveDir] IE6 SP1 MSI Wrapper

>>I would much prefer downloading the package through an external source I have one. But how would you know it's clean? Will you check to be sure it's not Trojanized? >> jump over hurdles to get to the right person at MS There is no "hurdle" to jump through. You call MS (since you are in the US,

RE: [ActiveDir] MS04-007 checking

In case anyone here is having difficulties justifying (to management) the "urgent" need patch systems against this new vulnerability, here's one for your ammunition: There is now a "Proof of Concept" exploit code that exploits this vulnerability. The clock is now ticking in the race for another

RE: [ActiveDir] Active Directory Design Issues

Title: Active Directory Design Issues You will find most of what you need for your project planning here: http://www.microsoft.com/technet/prodtechnol/ad/windows2000/plan/bpaddsgn.asp and here http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.asp     Sincere

RE: [ActiveDir] AD Protected groups

>>Unfortunately a decision was made to start using IBM.the service is worse than Dell's service and we didn't think it was possible to get worse service than what we got from Dell. >>Actually had a problem last week where the response is, ok we will see you tomorrow morning. This was when th

RE: [ActiveDir] Manual _Msdcs Zone Creation in Windows 2003

>If you are not installing the DNS server during the DCPROMO, it won't create a new _Msdcs.domain.com zone automatically. Maybe not automatically, but definitely after the installation and reboot, it should. Netlogon restart will also push the zone to be created. I am not sure why you are seeing

RE: [ActiveDir] DNS SOA entered incorrectly during installation

Title: Message >>Anyway, whenever I’ve set up DNS separately from DCPROMO, set up my forward and reverse zones, then pointed my soon-to-be DC at it and run DCPROMO   Is there a special reason for your doing it this way, instead of:   ".point my soon-to-be-DC at one (or 2) of my existing DNS

RE: [ActiveDir] Where did "Additional Acct Info" tab go to?

Let me guess... you are doing a "find" in ADUC, and you are then looking at the object's properties from the result of the "find". Correct? Try drilling down to where the account is located and then looking at the properties directly, you will very likely see the "additional account info" tab th

RE: [ActiveDir] Scripting terminology question

anything that I am aware of but helps them stick out.     joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of deji AgbaSent: Thursday, February 05, 2004 10:28 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Scripting terminology question H...I think this belogs in the

RE: [ActiveDir] Restore a failed DC that was the only DC for a do main

All you need for your test is that one Hardware and something like MS Virtual Server: From http://www.microsoft.com/windowsserver2003/evaluation/trial/virtualserver.msp x To Join the Virtual Server Customer Preview 1. Go to the BetaPlace Web site (http://www.b

RE: [ActiveDir] Scripting terminology question

H...I think this belogs in the class of the "what is the meaning/origin of life?" questions :). I never bothered to ask.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon

RE: [ActiveDir] Removing Legal Notice Caption Text GPO

Before you set it to "Not Define", remove the Notice and, after it's all propagated, then set it to "Disabled". You can then set it to "Not Defined" after a while. What's happening is that the clients are already tattooed with the setting and you need to clear it out first. Another way is to jus

RE: [ActiveDir] Determining when an account was disabled

I think that would most likely be "whenChanged", but because it's not a replicated attribute, it's not reliable. Also, it may NOT be accurate because some other actions may have happened to the account since being disable. So, I don't really think you should be looking at ADSI/LDP for this. I thi

RE: [ActiveDir] Active Directory International Support

>>I removed admin from all but 5 people, we became stable and secure and had 55 pissed off people.   Are you talking about me again? :)   jk. You are superb, you know that.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorr

RE: [ActiveDir] ADSI info in configuration container

That would be because the configuration info is stored on the Root Domain (CN=Configuration,DC=yourRoot,DC=blah) and not at the Child domain. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yester

RE: [ActiveDir] read PasswordLastChanged question

>>and second I don't particularly like the idea of hard coding a user name and password into the asp or in a vbscript... Here's how I solved that issue on some of my applications (vbscript-cum-ASP): I create a user and delegate the AD function I want the script to perform to it. I have a table i

RE: [ActiveDir] FW: Changing properties

H.. it seems you are correct. Never thought I'd find a job dsacls can not do :) Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [

RE: [ActiveDir] DNS Registry entry

This is because SP4 turns the regkey off. On all my SP3 DCs, it's "1". When you enable the "Secure Cache Against Pollution" option in pre-SP4, the regekey is automatically created and set. I suspect they change this option in SP4 to address the issue that some people had with the "SecureResponses"

RE: [ActiveDir] [OT] DSACLS Gripe

ure how many times I have retyped a command thinking a completely screwed it up and it was only a matter of the case of the switch or the case of the property set or whatever that I was trying to set... Quite annoying.      joe   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of d

RE: [ActiveDir] Changing properties

dsacls /I(uppercase i):T should work for you.   I have a short blurb on dsacls here: http://www.akomolafe.com/docs/dsacls.htm   HTH     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -ano

RE: [ActiveDir] Help, file locked

Then that would be openfileS.exe, and it does not run on anything older than XP.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: GRILLENMEIER,GUIDO (HP-Germany,ex1)Sent:

RE: [ActiveDir] Upgrade to Win2k

Title: Upgrade to Win2k http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.asp     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday?  -anon From: Sudhir K

RE: [ActiveDir] forcing a logoff

When we had a similar project, the intention was not so much to prevent "the user" from accessing network resources. IThe objective was to turn off unpatched/vulnerable systems that do not conform to the corporate standard. For example, you want computers that don't have the latest AV or are not

RE: [ActiveDir] GPO and the Outlook Dumpster

er. Hope that helps. Olly -Original Message- From: deji Agba [mailto:[EMAIL PROTECTED] Sent: 15 January 2004 07:18 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] GPO and the Outlook Dumpster I usually refrain from adding to a thread more than once, except to occasionally concur. I have

RE: [ActiveDir] Account Reset after removing old domain

You most likely have the "Logon as a Service" user rights defined on one of your Group Policies (most likely the Default Domain Policy). This is located under Computer Configuration -> Windows Settings -> Local Policies ->User Rights Assignment.   You need to either NOT define this right, or add

RE: [ActiveDir] NTDS KCC error

IF I were troubleshooting this, I'd remove the bridgehead designations and let everything go over any available server, then wait for the problem to go away. After that, examine your bridgehead designations closely again. You will likely find out that the DC in LEX site that you've designated as

RE: [ActiveDir] LDIFDE and Perl...

For importing, try ADModify http://hellomate.info/exchange/admodify_1.5.zip   For auto account creation, try http://www.microsoft.com/technet/treeview/default.asp?url="">   HTH   Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomor

RE: [ActiveDir] GPO and the Outlook Dumpster

eielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. -Original Message-From: deji Agba [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 14, 2004 1:40 AMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] GPO and the Outlook Dumpster your protection against this "CYA" type

RE: [ActiveDir] Happy Birthday [list owner]

Congrats, Tony. And to everyone who have been filling my head with so much "techie" stuffs since I joined this list, I say thank you for your selfless contributions. I know I have personally benefitted from your contributions.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.i

RE: [ActiveDir] GPO and the Outlook Dumpster

your protection against this "CYA" type of deletion is backup. If you maintain a diligent backup of your Exchange Server, you can always do a restore to your offline server whenever you need to "prove" something. Disabling access to the "Recover Deleted Items" folder will not buy you much with a

RE: [ActiveDir] setting TS properties

Something like: Const ADS_PROPERTY_CLEAR = 1 Use ADO to query you AD for the users' DistinguishedName   Then do: objUserDN = objRecordSet.Fields("distinguishedName").Value  Set ObjPath = getObject("LDAP://" & objUserDN) objPath.PutEx ADS_PROPERTY_CLEAR, "profilePath", 0 objPath.SetInfo  'Do It N

RE: [ActiveDir] Policy to distribute domain wide HOSTS file

What would be the purpose? Maybe letting us in on your line of thoughts would make it easier for someone to help you with this or recommend an alternative.     Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worrie

RE: [ActiveDir] inactive computers question

the DC he happens to query. The lastLogon attribute (available in 2000) is not replicated, so if the scripts use that to determine inactive computers then they'll need to loop through all of the DCs to get the most recent value. ____ From: deji Agba [mailto:[EMAIL P

RE: [ActiveDir] inactive computers question

though I haven't used dsquery this way before, i think I can hazard a simple theory as to why you are getting inconsistent reports. Since pwdLastSet is not replicated among DCs, the values will be DIFFERENT across all you DCs. There is no magical way to determine which DC has the most current va

RE: [ActiveDir] attribute for remote access

Just a little thing observation here. msNPAllowDialin is NOT populated if you are using RAS Policies (or RADIUS) to set the Dialin access. This code will return only users who have their Dialin properties manually set to either "Allow" or "Deny" on their accounts. In my environment, we set Di

RE: [ActiveDir] Event Log monitoring tools

Clay, EventCombMT is actually part of the SECOPS tools and it's publicly available for download.   http://download.microsoft.com/download/c/e/3/ce3fd3de-ae44-4c10-858c-67df0b06771e/secops.exe   I personally think dumpevt (http://www.systemtools.com/somarsoft/) kicks butt.   HTH   Sincerely,Dèj

[ActiveDir] Is DBFlag a DWORD or a STRING?

Excuse my confusion, but I have noticed a seemingly confusing directives from some MS literature that I need help clarifying.   Q109626 states: Windows 2000 Server VersionsThe version of Netlogon.dll that has tracing included is installed by default. To enable debug logging, set the debug fla

[ActiveDir] Personal "Thank You" note to Tony Murray

I appreciate the recommendation. It's very gratifying to be counted among the worthy :) I'm sure you know what I'm talking about. Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -ano

RE: [ActiveDir] User export

If the Policy does not allow for blank passwords, then I assume the import fails. If I were doing this, I'd use the ADModify tool to export the accounts. The output will be an ldf file. I'd use an encoder like this (http://www.opinionatedgeek.com/DotNet/Tools/Base64Encode/Default.aspx) to encode

RE: [ActiveDir] Exchange: decommission the exchange 2000 server

I am not aware of a white paper for this. But to answer your specific question on PF transfer, the easiest way (for me) is to add the replica of the PF to the new Exchange Server. Wit for a sufficiently long period of time for the Replica to come over, then remove the Original Exchange server from

RE: [ActiveDir] Settle a disagreement

Title: Message >>every 90 minutes plus or minus 30 minutes. >>every 90 minutes with an offset of up to 30 minutes   In the sense that "plus or minus" can literally mean "up to", I'd say you are both saying the same thing, but in different tongues :)   Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iw

<    4   5   6   7   8   9   10   >